Exposing the Sonatrach Data Leak and the Data Leak Broker Behind it - An OSINT 
Analysis 
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sonatrach 


Sample Twitter account of the individual involved in the leak: 
https://twitter.com/sonatrachdzleak 


Sample personally identifiable email of the individual involved in the leak: 


sOnatrach@proton.me 


Sample URLs for leaked information obtained from the leak: 


https://anonfiles.com/cbz9z225y4/Le contr le de gestion pour managers zip 
https://easyupload.io/rps33q 
https://easyupload.io/ax8jh3 
https://easyupload.io/n443ev 
https://easyupload.io/dw9209 


Password: 7Rxt540“R%d*g!ZXk 


Sample screenshots: 


Our warning before the SONATRACH leak. 
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A: AST-Personnel-Grpts; AST_staff_siége; AST_staff_grpts; DS!-Sécurité Sl; FOR-SIEGE; HMD-FOR-DML 

Cc: SOnatrach@proton.me & 


Hey All, 


For the past months a group of algerian hackers named 1337_h4x0rs_team has been targeting public service websites and 
stealing public informations. today we've decided to fight back :) 
Our request is simple 


* SONATRACH takes legal action against these guys and take them to jail 
¢ SONATRACH Is a goverment controlled company which means you have power in algeria to stop these kids. 
e¢ SONATRACH Data will not be leaked if these kids get arrested :) 


The data we have is the following : 


« Goverment Documents 
¢ Bank statements 

e AD User dump 

e Emails dump 


We both know that if this kind of data gets leaked you will be in troubles so i advise you to get to work ASAP, you have 
exactly ONE WEEK or the leak will start. 


The infos about the attackers are below : 
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Monsieur le Directeur de l’Agance 
BAOR AMIROUCHE 


Compte_N* : 00300060000080230065 


Objet: ORDRE DE VIREMENT 6 de eee gS 


Par le débit de notre compte N° 00300060000080230065, j'ai I"honneur de vous 
demander de bien vouloir procéder au virement de la somme de: Deux cent mille Dinars 
et zéro Centime (200 000,00 DA). Représentant Réglement New Ligne Spécialisée 


Internet du 01/07/2021 au 31/08/2021, en faveur de ACTEL AIN NAADIA (Hi), titulaire 
du compte bancaire BNA sous le numéro : 


00 100 623 0300 000 012/95 


Veuillez agréer, Monsieur le Directeur l'expression de mes salutations 
distinguées. 
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02353 5431:..sus 0235354 31/32/33/35 : tel Aewill See 1 keno 416 pm Ste Sige 


Raiecn yowsote > Organiaatnon Internationale pout les Migsations 
Adresse 21-22 Lotlasement El Fett, 16003 £1 Bias, 16000, Alger 
Date : SONI 

Bonque : BNA. 

Namire de compte : COL C0601 0208 000 017 95 


Par le débit de notre compte virez wu compte de prestataire suivant! 


Banque > BNA 
Numalno de compte > 00100 622 0200 000 017/33 


DIX MILLE CINQUANTE ET UN DINARS ET 
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Sample screenshots of individuals involved in various Web site defacements that 
prompted the Sonatrach data leak broker to leak information obtained from the original 


leak: 


+ @ : 
> 
- wile a 


~ Full name: hafsaoui sofiane 


Virtual name : "sofiane pachika" AKA "sofian 
35 Dz" 


Location : Algeria, Bou Merdes 


IG : https:/Awww.instagram.com/hafsaouisofi/ 
B channel : 
https:/Avww.youtube.com/channel/UCAarxE- 
cCNsy2du8azrE9w/featured 


one-h : https:/Awww.zone- 
h.org/archive/notifier=sofian%20X35%20Dz 


Facebook : 
https:/Awww.facebook.com/sofianpachika54 
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Seg Fat ce eee: 
FULL NAME : Djebbar Bassem 
Twitter : dj3bb4ran0n1 
zone-h : http://zone- 
h.org/archive/notifier=djebbaranon 
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